Microsoft January Patch Fixed 1 Zero-Day and 82 Flaws!

Microsoft has issued its first security patch of 2021, which addresses more than 82 flaws across about 12 services and includes a fix for an actively exploited zero-day vulnerability.

In this latest patch, 10 bugs are rated critical and more than 72 bugs are rated important. The update covers flaws in Microsoft Windows, ChakraCore, Microsoft Office Services, Web Apps, Visual Studio, .NET Core, ASP.NET, and many others.

The most critical issue is a remote code execution (RCE) flaw in Microsoft Defender that permits attackers to infect targeted systems with arbitrary code.

The Microsoft Malware Protection Engine (mpengine.dll) provides the scanning, cleaning, and detection capabilities for the Microsoft Defender antispyware software. The version affected by this flaw is 1.1.17600.5, and the bug is addressed in version 1.1.17700.4.

The addressed bug is being actively exploited in the wild. It works as a zero-click flaw that can be exploited on a system without any interaction from the user, and the details of how it is spread and exploited are scary.

Microsoft experts say that the technique is not fully functional in all situations and that the exploit is still considered a proof-of-concept that requires various updates before it works.

Vulnerability Fixed By Security Update 2021!

According to a senior director of product management and security, organizations that are configured for automatic updates don't need to take any action. The threat actor will try to evade the protection of the system and will block the engine updates automatically.

Many experts said that the flaw has already been resolved by the automatic updates to the Malware Protection Engine, which are released about once a month or whenever a patch is required to fix a newly discovered vulnerability.
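
As an added example (not from Microsoft or the original article), the PowerShell below compares Malware Protection Engine versions against the fixed version 1.1.17700.4 given above and flags hosts whose definitions have gone stale, which can indicate that updates are being blocked. The inventory rows, the `Get-MpEngineVerdict` function name, and the 7-day staleness threshold are assumptions; `Get-MpComputerStatus` is the Defender cmdlet that reports `AMEngineVersion`.

```powershell
# Added example: classify engine versions against the fixed version
# named in the article (1.1.17700.4).
$FixedEngine = [version]'1.1.17700.4'

function Get-MpEngineVerdict {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$EngineVersion,
        [long]$SignatureAgeDays = 0,      # long: a disabled Defender can report 4294967295
        [long]$MaxSignatureAgeDays = 7    # assumed staleness threshold, tune per policy
    )
    $parsed = $null
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        return 'Unknown'                  # version missing or unreadable
    }
    if ($parsed -lt $FixedEngine) { return 'BelowFixed' }
    if ($SignatureAgeDays -gt $MaxSignatureAgeDays) { return 'FixedButStale' }
    return 'Fixed'
}

# Constructed sample inventory (not real hosts), e.g. exported from an asset database.
$inventory = @'
Computer,EngineVersion,SignatureAgeDays
WS-001,1.1.17600.5,1
WS-002,1.1.17700.4,0
WS-003,1.1.17700.4,21
WS-004,,0
'@ | ConvertFrom-Csv

$inventory | ForEach-Object {
    [pscustomobject]@{
        Computer = $_.Computer
        Engine   = $_.EngineVersion
        Verdict  = Get-MpEngineVerdict -EngineVersion $_.EngineVersion `
                       -SignatureAgeDays ([long]$_.SignatureAgeDays)
    }
} | Format-Table -AutoSize

# Same check against the local machine, when the Defender module is present.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    try {
        $s = Get-MpComputerStatus -ErrorAction Stop
        Get-MpEngineVerdict -EngineVersion "$($s.AMEngineVersion)" `
            -SignatureAgeDays ([long]$s.AntivirusSignatureAge)
    } catch {
        'Unknown'   # Defender service not running or not queryable
    }
}
```

A `BelowFixed` or `FixedButStale` verdict on a host that is supposed to update automatically is worth investigating, since the update channel may be disabled or blocked.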

Microsoft fixed both a publicly disclosed vulnerability and a zero-day in this security update. The patched zero-day RCE vulnerability is tracked as CVE-2021-1647.

Microsoft also patched the vulnerability disclosed publicly by Google under CVE-2020-0986. The table below lists the patched vulnerabilities in detail.

| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| .NET Repository | CVE-2021-1725 | Bot Framework SDK Information Disclosure Vulnerability | Important |
| ASP.NET core & .NET core | CVE-2021-1723 | ASP.NET Core and Visual Studio Denial of Service Vulnerability | Important |
| Azure Active Directory Pod Identity | CVE-2021-1677 | Azure Active Directory Pod Identity Spoofing Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2021-1683 | Windows Bluetooth Security Feature Bypass Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2021-1638 | Windows Bluetooth Security Feature Bypass Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2021-1684 | Windows Bluetooth Security Feature Bypass Vulnerability | Important |
| Microsoft DTV-DVD Video Decoder | CVE-2021-1668 | Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability | Critical |
| Microsoft Edge (HTML-based) | CVE-2021-1705 | Microsoft Edge (HTML-based) Memory Corruption Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2021-1709 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-1696 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-1665 | GDI+ Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2021-1708 | Windows GDI+ Information Disclosure Vulnerability | Important |
| Microsoft Malware Protection Engine | CVE-2021-1647 | Microsoft Defender Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2021-1713 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2021-1714 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2021-1711 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2021-1715 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2021-1716 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-1712 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-1707 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-1718 | Microsoft SharePoint Server Tampering Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-1717 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-1719 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-1641 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft RPC | CVE-2021-1702 | Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2021-1649 | Active Template Library Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2021-1676 | Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2021-1689 | Windows Multipoint Management Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2021-1657 | Windows Fax Compose Form Remote Code Execution Vulnerability | Important |
| Microsoft Windows | CVE-2021-1646 | Windows WLAN Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2021-1650 | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2021-1706 | Windows LUAFV Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2021-1699 | Windows (modem.sys) Information Disclosure Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-1644 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-1643 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
| Microsoft Windows DNS | CVE-2021-1637 | Windows DNS Query Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2021-1636 | Microsoft SQL Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2020-26870 | Visual Studio Remote Code Execution Vulnerability | Important |
| Windows AppX Deployment Extensions | CVE-2021-1642 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important |
| Windows AppX Deployment Extensions | CVE-2021-1685 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important |
| Windows CryptoAPI | CVE-2021-1679 | Windows CryptoAPI Denial of Service Vulnerability | Important |
| Windows CSC Service | CVE-2021-1652 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
| Windows CSC Service | CVE-2021-1654 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
| Windows CSC Service | CVE-2021-1659 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
| Windows CSC Service | CVE-2021-1653 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
| Windows CSC Service | CVE-2021-1655 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
| Windows CSC Service | CVE-2021-1693 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
| Windows CSC Service | CVE-2021-1688 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
| Windows Diagnostic Hub | CVE-2021-1680 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important |
| Windows Diagnostic Hub | CVE-2021-1651 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important |
| Windows DP API | CVE-2021-1645 | Windows Docker Information Disclosure Vulnerability | Important |
| Windows Event Logging Service | CVE-2021-1703 | Windows Event Logging Service Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-1662 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Hyper-V | CVE-2021-1691 | Hyper-V Denial of Service Vulnerability | Important |
| Windows Hyper-V | CVE-2021-1704 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Windows Hyper-V | CVE-2021-1692 | Hyper-V Denial of Service Vulnerability | Important |
| Windows Installer | CVE-2021-1661 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2021-1697 | Windows InstallService Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2021-1682 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2021-1710 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important |
| Windows NTLM | CVE-2021-1678 | NTLM Security Feature Bypass Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-1695 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Projected File System Filter Driver | CVE-2021-1663 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | Important |
| Windows Projected File System Filter Driver | CVE-2021-1672 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | Important |
| Windows Projected File System Filter Driver | CVE-2021-1670 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | Important |
| Windows Remote Desktop | CVE-2021-1674 | Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability | Important |
| Windows Remote Desktop | CVE-2021-1669 | Windows Remote Desktop Security Feature Bypass Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-1701 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-1700 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-1666 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| Windows Remote Procedure Call Runtime | CVE-2021-1664 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-1671 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-1673 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| Windows Remote Procedure Call Runtime | CVE-2021-1658 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| Windows Remote Procedure Call Runtime | CVE-2021-1667 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| Windows Remote Procedure Call Runtime | CVE-2021-1660 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| Windows splwow64 | CVE-2021-1648 | Microsoft splwow64 Elevation of Privilege Vulnerability | Important |
| Windows TPM Device Driver | CVE-2021-1656 | TPM Device Driver Information Disclosure Vulnerability | Important |
| Windows Update Stack | CVE-2021-1694 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| Windows WalletService | CVE-2021-1686 | Windows WalletService Elevation of Privilege Vulnerability | Important |
| Windows WalletService | CVE-2021-1681 | Windows WalletService Elevation of Privilege Vulnerability | Important |
| Windows WalletService | CVE-2021-1690 | Windows WalletService Elevation of Privilege Vulnerability | Important |
| Windows WalletService | CVE-2021-1687 | Windows WalletService Elevation of Privilege Vulnerability | Important |

Other vulnerabilities fixed by Microsoft include a memory corruption flaw discovered in the Microsoft Edge browser, tracked as CVE-2021-1705, along with a Windows Remote Desktop Protocol security feature bypass flaw, tracked as CVE-2021-1674.